A cyber monitored control system includes a controller with a first processing resource operable to execute a control application for a controlled system. The cyber monitored control system also includes a cyber monitor with a second processing resource isolated from the first processing resource. The cyber monitor is operable to evaluate a plurality of inputs to the cyber monitored control system with respect to a cyber threat model, verify one or more update rates of the controller, apply trending using the cyber threat model to distinguish between a fault and a cyber attack, and isolate one or more subsystems of the cyber monitored control system based on identifying the cyber attack.